chore: better ci
This commit is contained in:
35
.dockerignore
Normal file
35
.dockerignore
Normal file
@@ -0,0 +1,35 @@
|
||||
# Exclude build output and IDE files to reduce Docker build context size
|
||||
target
|
||||
**/target
|
||||
|
||||
# Git and local metadata
|
||||
.git
|
||||
.gitignore
|
||||
.DS_Store
|
||||
|
||||
# Local editor / IDE
|
||||
.idea
|
||||
.vscode
|
||||
*.iml
|
||||
*.sublime-*
|
||||
|
||||
# Build artifacts and temporary files
|
||||
*.class
|
||||
*.log
|
||||
tmp/
|
||||
build/
|
||||
|
||||
# Swap / editor backups
|
||||
*.swp
|
||||
|
||||
# Internal Docker
|
||||
.dockerignore
|
||||
docker/
|
||||
|
||||
# Project specific ignores
|
||||
README.md
|
||||
LICENSE
|
||||
|
||||
# CI Files
|
||||
.github/
|
||||
.k8s/
|
||||
92
.github/workflows/deploy.yml
vendored
Normal file
92
.github/workflows/deploy.yml
vendored
Normal file
@@ -0,0 +1,92 @@
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Set up JDK 17
|
||||
uses: actions/setup-java@v3
|
||||
with:
|
||||
java-version: '17'
|
||||
distribution: 'temurin'
|
||||
cache: maven
|
||||
|
||||
- name: Build with Maven
|
||||
run: ./mvnw clean package -DskipTests
|
||||
|
||||
run-tests:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [ build ]
|
||||
|
||||
steps:
|
||||
|
||||
- uses: actions/checkout@v3
|
||||
- name: Set up JDK 17
|
||||
uses: actions/setup-java@v3
|
||||
with:
|
||||
java-version: '17'
|
||||
distribution: 'temurin'
|
||||
cache: maven
|
||||
|
||||
- name: Running Tests with Maven
|
||||
run: ./mvnw test
|
||||
|
||||
docker:
|
||||
needs: [ build ]
|
||||
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write # required to push to ghcr.io
|
||||
id-token: write # optional for OIDC if you use it
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Log in to GHCR
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Prepare image tags
|
||||
run: |
|
||||
OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]')
|
||||
REPO=$(echo "${GITHUB_REPOSITORY#*/}" | tr '[:upper:]' '[:lower:]')
|
||||
|
||||
# Determine tag
|
||||
if [ "${GITHUB_REF_NAME}" = "main" ]; then
|
||||
TAG="latest"
|
||||
else
|
||||
TAG="dev"
|
||||
fi
|
||||
|
||||
SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
|
||||
IMAGE_BASE="ghcr.io/${OWNER}/${REPO}"
|
||||
|
||||
echo "IMAGE_LATEST=${IMAGE_BASE}:${TAG}" >> $GITHUB_ENV
|
||||
echo "IMAGE_SHA=${IMAGE_BASE}:sha-${SHORT_SHA}" >> $GITHUB_ENV
|
||||
|
||||
- name: Build and push Docker image (with registry cache)
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
platforms: linux/amd64,linux/arm64
|
||||
tags: |
|
||||
${{ env.IMAGE_LATEST }}
|
||||
${{ env.IMAGE_SHA }}
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
43
.github/workflows/docker-image.yml
vendored
43
.github/workflows/docker-image.yml
vendored
@@ -1,43 +0,0 @@
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'main'
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
platforms: linux/amd64,linux/arm64
|
||||
push: true
|
||||
tags: yoshiunfriendly/backend-hideyoshi.com:latest
|
||||
|
||||
run-dispatcher:
|
||||
needs: docker
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
|
||||
- name: Runs Infra-Hideyoshi.com Deployment Dispatcher
|
||||
run: |
|
||||
curl -X POST https://api.github.com/repos/HideyoshiSolutions/infra-hideyoshi.com/dispatches \
|
||||
-H 'Accept: application/vnd.github.everest-preview+json' \
|
||||
-u ${{ secrets.ACTIONS_KEY }} \
|
||||
--data '{"event_type": "refresh-deployments", "client_payload": { "deployments": "backend-deployment" }}'
|
||||
20
.github/workflows/run-tests.yml
vendored
20
.github/workflows/run-tests.yml
vendored
@@ -1,20 +0,0 @@
|
||||
name: ci
|
||||
on:
|
||||
push
|
||||
|
||||
jobs:
|
||||
run-tests:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
|
||||
- uses: actions/checkout@v3
|
||||
- name: Set up JDK 17
|
||||
uses: actions/setup-java@v3
|
||||
with:
|
||||
java-version: '17'
|
||||
distribution: 'temurin'
|
||||
cache: maven
|
||||
|
||||
- name: Running Tests with Maven
|
||||
run: ./mvnw test
|
||||
4
.gitignore
vendored
4
.gitignore
vendored
@@ -32,7 +32,9 @@ build/
|
||||
### VS Code ###
|
||||
.vscode/
|
||||
|
||||
src/main/resources/application-devel.yml
|
||||
src/main/resources/application*.yml
|
||||
!src/main/resources/application.yml
|
||||
!src/main/resources/application-no-oauth.yml
|
||||
|
||||
### Maven ###
|
||||
target/
|
||||
|
||||
25
Dockerfile
25
Dockerfile
@@ -1,17 +1,24 @@
|
||||
#
|
||||
# Build stage
|
||||
#
|
||||
FROM maven:3.9.3-ibm-semeru-17-focal AS build
|
||||
COPY src /home/app/src
|
||||
COPY pom.xml /home/app
|
||||
RUN mvn -Dmaven.test.skip -f /home/app/pom.xml clean package
|
||||
|
||||
WORKDIR /home/app
|
||||
|
||||
COPY pom.xml mvnw ./
|
||||
COPY .mvn/ .mvn/
|
||||
|
||||
# Download dependencies into /root/.m2 (use BuildKit cache if available).
|
||||
# If BuildKit isn't enabled this still works as a normal mvn dependency:go-offline.
|
||||
RUN --mount=type=cache,target=/root/.m2 mvn -B -Dmaven.test.skip=true dependency:go-offline
|
||||
|
||||
COPY src ./src
|
||||
RUN --mount=type=cache,target=/root/.m2 mvn -B -Dmaven.test.skip=true package
|
||||
|
||||
#
|
||||
# Package stage
|
||||
#
|
||||
FROM ibm-semeru-runtimes:open-17-jdk-focal
|
||||
WORKDIR /app
|
||||
|
||||
COPY --from=build /home/app/target/*.jar app.jar
|
||||
COPY src/main/resources/* credentials/
|
||||
# Copy final artifact
|
||||
COPY --from=build /home/app/target/*.jar ./app.jar
|
||||
|
||||
ENTRYPOINT ["java","-XX:TieredStopAtLevel=1","-Xverify:none","-jar","/app.jar"]
|
||||
ENTRYPOINT ["java","-XX:TieredStopAtLevel=1","-Xverify:none","-jar","/app/app.jar"]
|
||||
|
||||
@@ -8,7 +8,6 @@ import br.com.hideyoshi.auth.model.microservice.StorageServiceUploadResponse;
|
||||
import br.com.hideyoshi.auth.security.service.AuthService;
|
||||
import br.com.hideyoshi.auth.service.UserService;
|
||||
import br.com.hideyoshi.auth.service.microservice.StorageService;
|
||||
import br.com.hideyoshi.auth.util.exception.AuthenticationInvalidException;
|
||||
import br.com.hideyoshi.auth.util.exception.BadRequestException;
|
||||
import br.com.hideyoshi.auth.util.guard.UserResourceGuard;
|
||||
import br.com.hideyoshi.auth.util.guard.UserResourceGuardEnum;
|
||||
@@ -21,9 +20,7 @@ import org.springframework.web.bind.annotation.*;
|
||||
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.validation.Valid;
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
@@ -19,7 +19,7 @@ public class EmailUnique implements ConstraintValidator<UniqueEmail, String> {
|
||||
@Override
|
||||
public boolean isValid(String email, ConstraintValidatorContext constraintValidatorContext) {
|
||||
|
||||
AtomicReference<Boolean> emailValid = new AtomicReference();
|
||||
AtomicReference<Boolean> emailValid = new AtomicReference<>();
|
||||
this.userRepository.findByEmail(email).ifPresentOrElse(
|
||||
(value) -> {
|
||||
emailValid.set(false);
|
||||
|
||||
Reference in New Issue
Block a user